SummerOfCode/2012/UserCSP/WeeklyUpdates/2012-08-13

From MozillaWiki
< SummerOfCode‎ | 2012‎ | UserCSP
Revision as of 20:56, 18 August 2012 by Patilkr (talk | contribs)
Jump to navigation Jump to search

« previous week | index | next week »

This Week

Monday, 13 August

  • UserCSP Project report preparation. Project report contains, goal and objectives of the project, functionality and how it works, and technical details of the project.

Tuesday, 14 August

  • Intercepted "shouldLoad" method of nsIContentPolicy interface.
    • The nsIContentPolicy interface is useful to observe content that is being loaded into browser.
    • The "shouldLoad" method of this interface will be called before loading the resource to determine whether to start the load at all.
  • This method is useful to infer the rules for website by observing the contents that are loaded by a web page.

Wednesday, 15 August

  • Perform the resource load type check to collect information about the type of load and destination domain of the request.
  • To infer CSP directive rules such as, script-src, img-src, etc, I intercepted at "shouldLoad" method of nsIContentPolicy interface. When this method is invoked it provides various information, we are specifically interested in following information:
 aContentType : TYPE_IMAGE, TYPE_SCRIPT, TYPE_OBJECT, etc. 
 aContentLocation: It contains destination domain URL where resource is hosted.
 aRequestOrigin: The domain that initiated this resource load request.
    • For example, If request is of TYPE_IMAGE then for "aRequestOrigin", I stored "aContentLocation" URL in "img-src" directive. The entry is only inserted if it doesn't exists in CSP directive to remove duplicates.

Thursday, 16 August

  • Inferred policy for a website by observing its resource loading is send to add-on UI component for displaying it in the add-on UI.
** Inferred policy for a website is shown in the "ALL" tab of the add-on UI.
    • Automatically inferred policy for a website provides hints for users in configuring CSP directives as well as makes their job easier while configuring a CSP policy for the website.

Friday, 17 August

  • Filed a bug on bugzilla.mozilla.org for refinePolicy() method. (Bug 783497)
  • Changed the logo of userCSP add-on. Bug 780045 is for content security policy logo. However, the logo is not yet ready so tentatively we used a Shield icon for userCSP add-on.


Saturday, 18 August

  • userCSP add-on sqlite database file is now stored in ProfD (profile directory) of Firefox. Previously, it was stored on user's Desk(Desktop).
  • Added "Infer CSP" tab to add-on UI.
    • Infer policy tab provides three buttons to the user namely, Start, Stop and SetInferredCSPAsUserCSP.
      • The "Start" button when clicked starts inferring of CSP policy and "Stop" button stops automatic inferring of CSP policy.

Sunday, 19 August

Retrieved from "https://wiki.allizom.org/index.php?title=SummerOfCode/2012/UserCSP/WeeklyUpdates/2012-08-13&oldid=462128"